OTPulse

Denial-of-Service vulnerability in SCALANCE X Switches

Plan Patch · CVSS 8.6 · SSA-100232 · Aug 13, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A denial-of-service vulnerability in SCALANCE X switches allows an unauthenticated attacker with network access to crash or disable the switch, causing network outages. The vulnerability exists in SCALANCE X204RNA (all versions, no fix available), SCALANCE X-200 (versions before 5.2.5), and SCALANCE X-200IRT (versions before 5.5.0) switches. Siemens has released firmware updates for X-200 and X-200IRT families. For X204RNA devices without available fixes, network segmentation and access controls are recommended.

What this means
What could happen
An unauthenticated attacker on the network could crash or disable a SCALANCE X switch, causing network outages and interrupting communication to critical plant equipment like PLCs, RTUs, and safety systems.
Who's at risk
Water utilities, electric utilities, and other municipal/critical infrastructure operators using Siemens SCALANCE X managed switches in their control networks. This affects the network backbone that connects PLCs, RTUs, SCADA servers, and safety systems. Organizations with SCALANCE X204RNA devices are particularly at risk as no firmware fix is available for those models.
How it could be exploited
An attacker with network access to a SCALANCE X switch (typically the management port or process network if the switch is reachable) sends a specially crafted packet that triggers a denial-of-service condition. The switch becomes unresponsive, disconnecting all connected devices and halting data flow between control systems and field equipment.
Prerequisites
  • Network access to the SCALANCE X switch (reachable from attacker's network or compromised device on plant network)
  • No authentication required
remotely exploitable · no authentication required · low complexity · no patch available (for X204RNA variants) · affects network availability to safety systems
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (7)
2 with fix · 5 EOL
Product | Affected Versions | Fix Status
SCALANCE X-200 switch family (incl. SIPLUS NET variants) | < V5.2.5 | 5.2.5
SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) | < V5.5.0 | 5.5.0
SCALANCE X204RNA (HSR) | All versions | No fix (EOL)
SCALANCE X204RNA (PRP) | All versions | No fix (EOL)
SCALANCE X204RNA EEC (HSR) | All versions | No fix (EOL)
SCALANCE X204RNA EEC (PRP) | All versions | No fix (EOL)
SCALANCE X204RNA EEC (PRP/HSR) | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: For SCALANCE X204RNA variants with no available fix, segment the switch on a protected network accessible only to authorized devices; restrict access to management ports using firewall rules or network ACLs
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SCALANCE X-200 switch family to firmware version 5.2.5 or later
HOTFIX: Update SCALANCE X-200IRT switch family to firmware version 5.5.0 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR). Apply the following compensating controls:
HARDENING: Monitor network traffic to affected switches for signs of denial-of-service attacks (excessive packet rates, unusual traffic patterns)
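
One way to check both compensating controls offline over exported flow records: flag traffic to the unpatched switches from sources outside the management ACL, and flag per-source packet rates above a ceiling. This is an added example, not part of the advisory or any Siemens tooling; the IP addresses, allowlist, threshold, window and flow-record layout are all assumptions to replace with site values.

```python
from collections import defaultdict

# All values below are assumptions for illustration, not from the advisory.
SWITCHES = {"10.10.0.2", "10.10.0.3"}   # management IPs of X204RNA units (constructed)
ALLOWED_SOURCES = {"10.10.0.50"}        # hosts the management ACL permits (constructed)
MAX_PPS = 200                           # per-source packets/second ceiling (assumed)
WINDOW_S = 5                            # aggregation window in seconds (assumed)

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, packets)
SAMPLE_FLOWS = [
    (1000, "10.10.0.50", "10.10.0.2", 40),    # normal management traffic
    (1001, "10.10.0.50", "10.10.0.2", 35),
    (1002, "10.10.7.23", "10.10.0.2", 3),     # source outside the ACL
    (1006, "10.10.0.50", "10.10.0.3", 900),   # burst toward one switch
    (1008, "10.10.0.50", "10.10.0.3", 600),
    (1007, "10.10.7.23", "10.10.9.9", 5000),  # not an affected switch: ignored
]


def review_flows(flows, switches=SWITCHES, allowed=ALLOWED_SOURCES,
                 max_pps=MAX_PPS, window_s=WINDOW_S):
    """Return sorted (window_start, src, dst, reason) alerts for switch traffic."""
    packets = defaultdict(int)   # (window_start, src, dst) -> packet count
    alerts = set()
    for ts, src, dst, count in flows:
        if dst not in switches:
            continue
        window = ts - ts % window_s
        # Control 1: only authorized devices should reach the switch at all.
        if src not in allowed:
            alerts.add((window, src, dst, "source not in management ACL"))
        packets[(window, src, dst)] += count
    # Control 2: excessive packet rate toward a switch within one window.
    for (window, src, dst), count in packets.items():
        pps = count / window_s
        if pps > max_pps:
            alerts.add((window, src, dst, f"rate {pps:.0f} pps exceeds {max_pps}"))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in review_flows(SAMPLE_FLOWS):
        print(alert)
```

An ACL alert here means the segmentation control is not holding, which matters even when the rate is low; a rate alert from an allowlisted host points to a misbehaving or compromised management station.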
Denial-of-Service vulnerability in SCALANCE X Switches | CVSS 8.6 - OTPulse